ISIS Secret Cyber Terrorism Forum Exposed

The forum reflects ISIS hackers' growing desire to wage war online

Hundreds of Islamic State supporters have flocked to an online channel dedicated to providing tools needed to wage campaigns of cyber terror across the Internet.

More than 300 people now belong to an IS-affiliated forum filled with users swapping material on how to target and hack into vulnerable networks and computer systems. Deep Web research firm Vocativ discovered the jihadi e-academy on Telegram, a social messaging app that ISIS supporters have used previously to share instructions on how to make explosive devices, hand grenades, suicide belts and Molotov cocktails.

“This channel is dedicated to publishing courses of hacking and programming languages for the supporters of the Caliphate on the Internet,” reads the forum, which was formed on Nov. 24—less than two weeks after ISIS militants waged an orchestrated massacre in the streets of Paris.

Cyber security experts who reviewed some of the hacker material shared on Telegram said that it doesn’t provide the type of know-how required to carry out the kind of catastrophic cyber attack that many of these experts say is possible. The experts also conceded, however, that it reflects the group’s budding desire to wage increasingly sophisticated warfare online.

“Can they do damage? Sure,” said Herb Lin, a Senior Research Scholar for Cyber Policy and Security at Stanford University. “Can they do the kind of damage that causes all of the lights to go out in New York City? That’s much more difficult to discern.”

The bulk of material published on the ISIS hacker forum consisted of videos and content offered for free elsewhere online. Users, for example, recently shared a free, 27-part course on penetration testing, a practice that involves testing a computer system or network for vulnerabilities that a hacker can exploit.

Nearly all of the tutorials reviewed by Vocativ focused on similar skill sets. Experts said these skills alone are not enough to do serious damage. “Once you get inside a system you need to know what to do,” said Lars Hilse, a digital strategy consultant who authored a report on cyber terrorism last year. “That requires a certain degree of cleverness that, by itself, presents a hurdle to most people.”

The track record among hackers who claim to be affiliated with ISIS has not displayed that level of proficiency. ISIS supporters failed to follow through on threats they made to infiltrate US security on the anniversary of 9/11 this year, and an attempt this month to dox US Senate Minority Leader Harry Reid relied on publicly available information, much of which was outdated or inaccurate, Vocativ found.
    
One of the more celebrated cyber attacks claimed by ISIS came in January when members of its so-called “Cyber Caliphate” managed to hack into US Central Command’s Twitter account. No actual Pentagon network or internal system was breached.

Such achievements are a far cry from any ability to cripple entire financial, military and communication systems, which analysts claim is feasible. And they pale in comparison to some of the recent cyber attacks conducted against the US by hackers based in China and Iran, who have managed to breach government data and gain access to American utility networks.

Yet to dismiss the desire among ISIS supporters to commit “cyber jihad” would be wrongheaded, said Alan Brill, a senior managing director at Kroll, a security consulting firm. Brill and other experts have warned for years that networks containing access to critical information and infrastructure are vulnerable. With a group as well-funded, well-organized and as committed to terror as ISIS on the scene, that’s enough to sound the alarm bells.

“If you just think about the interplay of rising hacker skills on the part of terrorists like ISIS and poor security it leads to the conclusion that there’s a significant amount of risk,” Brill told Vocativ. “To be honest, it scares me.”

Hilse said his own fears were realized in April when a group of hackers brought down a television network in France and infiltrated its website and Facebook page. The hackers claimed allegiance to the Islamic State. If it is proven that ISIS was behind the attack, it would signify a new level of sophistication for the terror group, albeit one that it has not demonstrated since.

“It would mean that ISIS is capable of breaching the cyber-physical threshold and actually getting into the real world,” Hilse said. While he’s cautious about giving credit to ISIS, the attack remains a wake-up call.

“I know what the possibilities are if the dots are connected,” he said. “The damage can be potentially dire to our Western way of life.”

Vocativ: http://voc.tv/1VB6ilh
